Chad Walstrom <chewie@wookimus.net> writes:
> On Tue, Dec 02, 2003 at 02:01:23PM +0100, Bernhard R. Link wrote:
> > > A true IDS is needed, such as aide, tripwire, or cfengine to detect
> > > post-installation intrusion. Tie in aide or tripwire database
> > > checks/updates with the apt.conf "PostInst" option in addition to a
> > > daily cronjon to ensure the database is updated in a timely manner.
> >
> > I think this is even more stupid than using *.md5sums. When they are
> > daily generated, you have no chance at all to be sure they are not
> > modified.
>
> I'm not following your logic, if that's what you call it. You're saying
> that checking the current filesystem on a daily basis is NOT a good way
> to verify filesystem integrity?
>
> Update your system when you introduce a known change (a must). Check it
> daily (a must). What is incorrect about this policy?
I think he misunderstood you. He thought you would update the md5sums
daily via cron instead of checking the daily.
MfG
Goswin